The Path

The path is already drawn. Someone numbered the squares, laid out the route, mapped every step from start to finish. All you have to do is follow it.

Lateral movement is what happens after an attacker is already inside. The initial breach — a phishing email, a stolen credential, an unpatched vulnerability — gets them through the door. What comes next is the hop. From the compromised workstation to the internal server. From the server to the domain controller. From there to whatever they came for. Box by box, each step using the access gained from the last one.

This is why perimeter security alone was never enough. Stopping someone at the door doesn't tell you anything about what they could reach if they got through. A network with no internal segmentation, no monitoring of east-west traffic, no least-privilege access controls is a hopscotch grid with no obstacles — just a numbered path from entry to target.

The attacker doesn't run. They hop. Quietly, one square at a time, using legitimate tools and valid credentials wherever possible. The goal is to look like normal traffic for as long as possible. By the time anyone notices, they're usually past the end of the grid.